2023-11-03 09:20:54 -07:00
|
|
|
import nock from 'nock';
|
|
|
|
import Container from 'typedi';
|
2024-05-23 10:08:01 -07:00
|
|
|
import type { Response } from 'express';
|
2023-11-03 09:20:54 -07:00
|
|
|
import Csrf from 'csrf';
|
|
|
|
import { Cipher } from 'n8n-core';
|
|
|
|
import { mock } from 'jest-mock-extended';
|
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
import { OAuth1CredentialController } from '@/controllers/oauth/oAuth1Credential.controller';
|
|
|
|
import { CredentialsEntity } from '@db/entities/CredentialsEntity';
|
2023-11-03 09:20:54 -07:00
|
|
|
import type { User } from '@db/entities/User';
|
|
|
|
import type { OAuthRequest } from '@/requests';
|
2023-11-10 06:04:26 -08:00
|
|
|
import { CredentialsRepository } from '@db/repositories/credentials.repository';
|
|
|
|
import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
|
2023-11-03 09:20:54 -07:00
|
|
|
import { ExternalHooks } from '@/ExternalHooks';
|
|
|
|
import { Logger } from '@/Logger';
|
2023-11-27 04:17:09 -08:00
|
|
|
import { VariablesService } from '@/environments/variables/variables.service.ee';
|
2023-11-03 09:20:54 -07:00
|
|
|
import { SecretsHelper } from '@/SecretsHelpers';
|
|
|
|
import { CredentialsHelper } from '@/CredentialsHelper';
|
2023-11-28 01:19:27 -08:00
|
|
|
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
|
|
|
|
import { NotFoundError } from '@/errors/response-errors/not-found.error';
|
2023-11-03 09:20:54 -07:00
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
import { mockInstance } from '../../../shared/mocking';
|
|
|
|
|
|
|
|
describe('OAuth1CredentialController', () => {
|
2023-11-03 09:20:54 -07:00
|
|
|
mockInstance(Logger);
|
2024-05-23 10:08:01 -07:00
|
|
|
mockInstance(ExternalHooks);
|
2023-11-03 09:20:54 -07:00
|
|
|
mockInstance(SecretsHelper);
|
|
|
|
mockInstance(VariablesService, {
|
|
|
|
getAllCached: async () => [],
|
|
|
|
});
|
|
|
|
const cipher = mockInstance(Cipher);
|
|
|
|
const credentialsHelper = mockInstance(CredentialsHelper);
|
|
|
|
const credentialsRepository = mockInstance(CredentialsRepository);
|
|
|
|
const sharedCredentialsRepository = mockInstance(SharedCredentialsRepository);
|
|
|
|
|
|
|
|
const csrfSecret = 'csrf-secret';
|
|
|
|
const user = mock<User>({
|
|
|
|
id: '123',
|
|
|
|
password: 'password',
|
|
|
|
authIdentities: [],
|
2024-01-24 04:38:57 -08:00
|
|
|
role: 'global:owner',
|
2023-11-03 09:20:54 -07:00
|
|
|
});
|
|
|
|
const credential = mock<CredentialsEntity>({
|
|
|
|
id: '1',
|
|
|
|
name: 'Test Credential',
|
2024-05-23 10:08:01 -07:00
|
|
|
type: 'oAuth1Api',
|
2023-11-03 09:20:54 -07:00
|
|
|
});
|
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
const controller = Container.get(OAuth1CredentialController);
|
2023-11-03 09:20:54 -07:00
|
|
|
|
|
|
|
beforeEach(() => {
|
|
|
|
jest.resetAllMocks();
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('getAuthUri', () => {
|
|
|
|
it('should throw a BadRequestError when credentialId is missing in the query', async () => {
|
2024-05-23 10:08:01 -07:00
|
|
|
const req = mock<OAuthRequest.OAuth1Credential.Auth>({ query: { id: '' } });
|
2023-11-03 09:20:54 -07:00
|
|
|
await expect(controller.getAuthUri(req)).rejects.toThrowError(
|
|
|
|
new BadRequestError('Required credential ID is missing'),
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should throw a NotFoundError when no matching credential is found for the user', async () => {
|
|
|
|
sharedCredentialsRepository.findCredentialForUser.mockResolvedValueOnce(null);
|
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
const req = mock<OAuthRequest.OAuth1Credential.Auth>({ user, query: { id: '1' } });
|
2023-11-03 09:20:54 -07:00
|
|
|
await expect(controller.getAuthUri(req)).rejects.toThrowError(
|
|
|
|
new NotFoundError('Credential not found'),
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should return a valid auth URI', async () => {
|
|
|
|
jest.spyOn(Csrf.prototype, 'secretSync').mockReturnValueOnce(csrfSecret);
|
|
|
|
jest.spyOn(Csrf.prototype, 'create').mockReturnValueOnce('token');
|
|
|
|
sharedCredentialsRepository.findCredentialForUser.mockResolvedValueOnce(credential);
|
|
|
|
credentialsHelper.getDecrypted.mockResolvedValueOnce({});
|
2024-05-23 10:08:01 -07:00
|
|
|
credentialsHelper.applyDefaultsAndOverwrites.mockReturnValueOnce({
|
|
|
|
requestTokenUrl: 'https://example.domain/oauth/request_token',
|
|
|
|
authUrl: 'https://example.domain/oauth/authorize',
|
|
|
|
signatureMethod: 'HMAC-SHA1',
|
2023-11-03 09:20:54 -07:00
|
|
|
});
|
2024-05-23 10:08:01 -07:00
|
|
|
nock('https://example.domain')
|
|
|
|
.post('/oauth/request_token', {
|
|
|
|
oauth_callback:
|
|
|
|
'http://localhost:5678/rest/oauth1-credential/callback?state=eyJ0b2tlbiI6InRva2VuIiwiY2lkIjoiMSJ9',
|
|
|
|
})
|
|
|
|
.reply(200, { oauth_token: 'random-token' });
|
2023-11-03 09:20:54 -07:00
|
|
|
cipher.encrypt.mockReturnValue('encrypted');
|
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
const req = mock<OAuthRequest.OAuth1Credential.Auth>({ user, query: { id: '1' } });
|
2023-11-03 09:20:54 -07:00
|
|
|
const authUri = await controller.getAuthUri(req);
|
2024-05-23 10:08:01 -07:00
|
|
|
expect(authUri).toEqual('https://example.domain/oauth/authorize?oauth_token=random-token');
|
2023-11-03 09:20:54 -07:00
|
|
|
expect(credentialsRepository.update).toHaveBeenCalledWith(
|
|
|
|
'1',
|
|
|
|
expect.objectContaining({
|
|
|
|
data: 'encrypted',
|
|
|
|
id: '1',
|
|
|
|
name: 'Test Credential',
|
2024-05-23 10:08:01 -07:00
|
|
|
type: 'oAuth1Api',
|
2023-11-03 09:20:54 -07:00
|
|
|
}),
|
|
|
|
);
|
2024-05-23 10:08:01 -07:00
|
|
|
expect(cipher.encrypt).toHaveBeenCalledWith({ csrfSecret });
|
2023-11-03 09:20:54 -07:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('handleCallback', () => {
|
|
|
|
const validState = Buffer.from(
|
|
|
|
JSON.stringify({
|
|
|
|
token: 'token',
|
|
|
|
cid: '1',
|
|
|
|
}),
|
|
|
|
).toString('base64');
|
|
|
|
|
|
|
|
it('should render the error page when required query params are missing', async () => {
|
2024-05-23 10:08:01 -07:00
|
|
|
const req = mock<OAuthRequest.OAuth1Credential.Callback>();
|
2023-11-03 09:20:54 -07:00
|
|
|
const res = mock<Response>();
|
2024-05-23 10:08:01 -07:00
|
|
|
req.query = { state: 'test' } as OAuthRequest.OAuth1Credential.Callback['query'];
|
2023-11-03 09:20:54 -07:00
|
|
|
await controller.handleCallback(req, res);
|
|
|
|
|
|
|
|
expect(res.render).toHaveBeenCalledWith('oauth-error-callback', {
|
|
|
|
error: {
|
2024-05-23 10:08:01 -07:00
|
|
|
message: 'Insufficient parameters for OAuth1 callback.',
|
|
|
|
reason: 'Received following query parameters: {"state":"test"}',
|
2023-11-03 09:20:54 -07:00
|
|
|
},
|
|
|
|
});
|
|
|
|
expect(credentialsRepository.findOneBy).not.toHaveBeenCalled();
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should render the error page when `state` query param is invalid', async () => {
|
2024-05-23 10:08:01 -07:00
|
|
|
const req = mock<OAuthRequest.OAuth1Credential.Callback>();
|
2023-11-03 09:20:54 -07:00
|
|
|
const res = mock<Response>();
|
2024-05-23 10:08:01 -07:00
|
|
|
req.query = {
|
|
|
|
oauth_verifier: 'verifier',
|
|
|
|
oauth_token: 'token',
|
|
|
|
state: 'test',
|
|
|
|
} as OAuthRequest.OAuth1Credential.Callback['query'];
|
2023-11-03 09:20:54 -07:00
|
|
|
await controller.handleCallback(req, res);
|
|
|
|
|
|
|
|
expect(res.render).toHaveBeenCalledWith('oauth-error-callback', {
|
|
|
|
error: {
|
|
|
|
message: 'Invalid state format',
|
|
|
|
},
|
|
|
|
});
|
|
|
|
expect(credentialsRepository.findOneBy).not.toHaveBeenCalled();
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should render the error page when credential is not found in DB', async () => {
|
|
|
|
credentialsRepository.findOneBy.mockResolvedValueOnce(null);
|
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
const req = mock<OAuthRequest.OAuth1Credential.Callback>();
|
2023-11-03 09:20:54 -07:00
|
|
|
const res = mock<Response>();
|
2024-05-23 10:08:01 -07:00
|
|
|
req.query = {
|
|
|
|
oauth_verifier: 'verifier',
|
|
|
|
oauth_token: 'token',
|
|
|
|
state: validState,
|
|
|
|
} as OAuthRequest.OAuth1Credential.Callback['query'];
|
2023-11-03 09:20:54 -07:00
|
|
|
await controller.handleCallback(req, res);
|
|
|
|
|
|
|
|
expect(res.render).toHaveBeenCalledWith('oauth-error-callback', {
|
|
|
|
error: {
|
2024-05-23 10:08:01 -07:00
|
|
|
message: 'OAuth1 callback failed because of insufficient permissions',
|
2023-11-03 09:20:54 -07:00
|
|
|
},
|
|
|
|
});
|
|
|
|
expect(credentialsRepository.findOneBy).toHaveBeenCalledTimes(1);
|
|
|
|
expect(credentialsRepository.findOneBy).toHaveBeenCalledWith({ id: '1' });
|
|
|
|
});
|
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
it('should render the error page when state differs from the stored state in the credential', async () => {
|
|
|
|
credentialsRepository.findOneBy.mockResolvedValue(new CredentialsEntity());
|
|
|
|
credentialsHelper.getDecrypted.mockResolvedValue({ csrfSecret: 'invalid' });
|
2023-11-03 09:20:54 -07:00
|
|
|
|
2024-05-23 10:08:01 -07:00
|
|
|
const req = mock<OAuthRequest.OAuth1Credential.Callback>();
|
2023-11-03 09:20:54 -07:00
|
|
|
const res = mock<Response>();
|
2024-05-23 10:08:01 -07:00
|
|
|
req.query = {
|
|
|
|
oauth_verifier: 'verifier',
|
|
|
|
oauth_token: 'token',
|
|
|
|
state: validState,
|
|
|
|
} as OAuthRequest.OAuth1Credential.Callback['query'];
|
|
|
|
|
2023-11-03 09:20:54 -07:00
|
|
|
await controller.handleCallback(req, res);
|
2024-05-23 10:08:01 -07:00
|
|
|
|
2023-11-03 09:20:54 -07:00
|
|
|
expect(res.render).toHaveBeenCalledWith('oauth-error-callback', {
|
|
|
|
error: {
|
2024-05-23 10:08:01 -07:00
|
|
|
message: 'The OAuth1 callback state is invalid!',
|
2023-11-03 09:20:54 -07:00
|
|
|
},
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|